Presidio: Back to the future
“Stop ransomware in its tracks by turning back time.” Sounds too good to be true? Well, take a look at a revolutionary new platform launched by Presidio – a global digital services and solutions provider.
The Ransomware Mitigation Kit gives organisations an end-to-end white glove service to identify and protect against cyber threats, detect, and respond to risks as they occur.
“The ability for an organisation to identify and respond to cybersecurity incidents could mean the difference between a minor disruption and a potential catastrophic event,” said Dave Trader, Field CISO at US-based Presidio, who points out that cybercrime is expected to grow by 15% over the next five years, reaching $10.5 trillion USD annually by 2025 according to Cybersecurity Ventures.
Trader, who can build a cyber security program from the ground up, joined Presidio in 2019 and has a background in the Marines. He notes that companies have to get the basics in place: digital transformation, cloud, data, cyber and network.
“We are pioneers with our ability to address and mitigate ransomware attacks. It is a new frontier against cyber crime which is not being done by other cloud providers,” said Trader.
Presidio recognises that there is no one silver bullet to mitigating ransomware attacks. The Presidio strategy requires a layered approach and a team that is on top of emerging threats. The Ransomware Mitigation Kit maximizes the benefits of best-in-class security technology, as provided with the combination of Presidio, CrowdStrike and AWS.
Back to the future
Clients will appreciate being able to recover to where they were one hour before the attack. Recovery time means a quick restart, rather than a complete rebuild of the backbone, infrastructure, or databases. The innovative solution essentially turns the clock back and takes away the weapon that cyber adversaries have been using which is to hold data to ransom and halt production.
“I've seen catastrophic ransomware attacks that have brought companies to their knees, because they were just not able to defend themselves. But once this is set up, we can roll back to an hour before it happened and restore everything the way that it was. Clients will appreciate being able to recover to one hour before the attack, instead of possibly recovering to a point from weeks ago. Recovery time means a quick restart with minimal loss, rather than a complete rebuild of the backbone, infrastructure, or databases.
“We can then take our security operations and point it at that incident response and look at the digital forensics of the system that was affected, register it with CrowdStrike and it's no longer a zero day.”
The revolutionary new platform from Presidio defends against ransomware and sophisticated cyberattacks through a comprehensive service that combines leading security capabilities of Presidio, CrowdStrike, and CloudEndure, an Amazon Web Services (AWS) company.
“Tens of thousands of cybersecurity events occur on a daily basis that have the potential to cripple an organisation for weeks or months at a time. It’s not a matter of if your organisation will experience a crippling cyber event, it’s a matter of when. Preparation is critical. Our new solution can stop ransomware in its tracks, saving immeasurable time, resources, and money,” said Trader.
The company has demonstrated its expertise in helping customers design, architect, build, migrate and manage their workloads by building close partnerships with all the major infrastructure, security, and cloud providers. Some of the strategic partners in this scenario include Lacework, Trend Micro and Fortinet. Presidio’s relationships and deep understanding of all areas of technology have helped Presidio to achieve Premier Partner status within the AWS partner network in 2021.
The Ransomware Mitigation Kit offers:
- Visibility and breach protection across all digital assets
- Strong cloud security foundation to defend against ransomware and sophisticated cyber events
- Detection and attack prevention, leveraging community immunity
- Swift response and attack mitigation, preventing lateral spread of ransomware to other devices within or outside of the organisation
- Backup and recovery allow an organisation to reclaim and restore all lost or compromised data and applications to their state prior to the attack
According to Trader, previous approaches to ransomware mitigation and cyber protection were bifurcated, disjointed, and required reliance on mutable backups. As attacks and malicious activity become more sophisticated, prevention, detection and response to attacks must become more agile. Leveraging Artificial Intelligence (AI) and automation, the Ransomware Mitigation Kit eliminates most manual effort, dramatically cutting down on the time, money and resources needed to combat bad actors.
Founded in 2003, Presidio is a global digital services and solutions provider accelerating business transformation through secured technology modernisation. Highly skilled teams of engineers and solutions architects with deep expertise across cloud, security, networking, and modern data center infrastructure help customers acquire, deploy, and operate technology that delivers impactful business outcomes.
Virtual Security Operations Centre
Since joining Presidio, Trader has doubled down on virtual security operations centre (vSOC) services. A vSOC is an outsourced, comprehensive, round-the-clock data monitoring solution that enables a company to identify threats as they arise.
Companies are recognising that security can't be an optional add-on anymore; it has to be baked into everything from code to DevSecOps, right through to deployment at the edge. This is what Trader calls ‘intrinsic security’. He believes that security should be in the process every step of the way.
“We saw a gap in the market where we found companies building their own vSOC. It can work for a while, but companies end up overwhelming their entire team as the scope and scale of vulnerabilities continue to grow. They were looking for some help. We saw an opportunity to bring in our expertise and promote internal enterprise security teams so they can handle major events, while we dealt with the day-to-day incidents to protect their environment. We have been able to build tremendous client value in a close-knit relationship.”
Another benefit for Presidio's vSOC is its portability. Clients can stay with platforms they have in place – automation enables the solution to run without the end user noticing any change.
The “Cloud Right” Approach
Since early 2020 the market has seen a rush to migrate to the cloud while supporting a remote workforce. “We are trying to get applications closer to the user, which raises issues around latency and security concerns about the right way to achieve that,” says Trader. “We have moved from 'cloud first' to 'cloud right'. We start with an evaluation so that we can advise as to whether cloud is best for this client and if so - in what configuration.
“Customers tell us they had no idea that level of automation was even possible and are really enjoying the insights and outputs they are getting through being able to leverage the automation we have baked in through APIs,” he said.
Secure Access Service Edge
The Secure Access Service Edge (SASE) is at the forefront of Trader’s strategy for remote workers. “Latency became a problem. We had engineering companies and architects that were spending six or seven hours downloading blueprints they were working on at home, rather than the secure networks they had in the office. That placed a focus on identity access management and real-time assessment of the end user at the endpoint. That is why identity is so important: the perimeter has shifted.”
Addressing the endpoint required User and Entity Behaviour Analytics (UEBA), a process of gathering insight into the network events that users generate every day. One example is the 'impossible traveller', where a user appears to interact with the same resource from two different locations but could not possibly have made that trip in that time. “We'd recommend the user add another layer of validation called two-factor authentication. We are seeing more companies adopt that approach, which is very encouraging,” says Trader. To further protect the business, Presidio has incorporated Managed Detection and Response (MDR) to automatically detect such compromises, and to isolate or quarantine those offending users within seconds.
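The 'impossible traveller' check described above, worked through as an added example. This is not Presidio's, Lacework's or any other vendor's code; it is a plain implementation of the idea. It assumes an upstream GeoIP step has already attached latitude and longitude to each login record, and the speed ceiling (1000 km/h), the 50 km distance floor and the log lines themselves are constructed assumptions for the demonstration.

```python
"""Impossible-traveller detection over a constructed login log (added example)."""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Tunable assumptions (not values from the article): anything faster than a
# commercial airliner is treated as impossible, and moves shorter than 50 km are
# ignored because GeoIP places neighbouring addresses at slightly different points.
MAX_PLAUSIBLE_SPEED_KMH = 1000.0
MIN_DISTANCE_KM = 50.0


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime      # UTC timestamp of the login
    user: str
    src_ip: str
    lat: float        # assumed to come from an upstream GeoIP lookup
    lon: float


def parse_line(line: str) -> LoginEvent:
    """Parse one whitespace-separated record: ISO timestamp, user, source IP, lat, lon."""
    ts, user, src_ip, lat, lon = line.split()
    return LoginEvent(datetime.fromisoformat(ts.replace("Z", "+00:00")),
                      user, src_ip, float(lat), float(lon))


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points in kilometres (mean Earth radius 6371 km)."""
    earth_radius_km = 6371.0
    p1, p2 = radians(lat1), radians(lat2)
    dphi = p2 - p1
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def find_impossible_travel(events, max_speed_kmh: float = MAX_PLAUSIBLE_SPEED_KMH):
    """Return one alert per pair of consecutive logins by the same user whose
    implied travel speed exceeds max_speed_kmh."""
    by_user = {}
    for e in events:
        by_user.setdefault(e.user, []).append(e)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        for prev, cur in zip(evs, evs[1:]):
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if dist < MIN_DISTANCE_KM:
                continue  # same metro area or GeoIP jitter, not travel
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            # Two distant logins at the same instant are impossible regardless of speed.
            speed = float("inf") if hours <= 0 else dist / hours
            if speed > max_speed_kmh:
                alerts.append({
                    "user": user,
                    "from": prev.src_ip,
                    "to": cur.src_ip,
                    "distance_km": round(dist, 1),
                    "elapsed_min": round(hours * 60, 1),
                    "speed_kmh": round(speed, 1) if hours > 0 else float("inf"),
                })
    return alerts


# Constructed sample log (RFC 5737 documentation addresses, made-up users):
# alice: London then New York 45 minutes later  -> impossible
# bob:   London then Paris three hours later     -> plausible
# carol: two nearby London addresses             -> below the distance floor
SAMPLE_LOG = """\
2024-05-01T09:00:00Z alice 203.0.113.5 51.5074 -0.1278
2024-05-01T09:45:00Z alice 198.51.100.7 40.7128 -74.0060
2024-05-01T09:00:00Z bob 203.0.113.9 51.5074 -0.1278
2024-05-01T12:00:00Z bob 192.0.2.44 48.8566 2.3522
2024-05-01T09:00:00Z carol 203.0.113.12 51.5074 -0.1278
2024-05-01T09:05:00Z carol 203.0.113.13 51.5200 -0.1000
"""


def detect_from_log(text: str = SAMPLE_LOG):
    """Parse a log and return the impossible-travel alerts it contains."""
    events = [parse_line(line) for line in text.splitlines() if line.strip()]
    return find_impossible_travel(events)


if __name__ == "__main__":
    for alert in detect_from_log():
        print(alert)
```

On the sample data only alice trips the rule (roughly 5570 km in 45 minutes). The distance floor is what keeps the check from paging on a user whose home and mobile connections geolocate a few kilometres apart, and the ordering by timestamp per user is what makes "consecutive" well defined when records arrive out of order.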
Partnerships with Lacework, Trend Micro and Fortinet
In the war against cyber attackers, a rich ecosystem of partners is vital, and Presidio’s approach is to find the right partners for each client situation. “I rely on dozens of partners to bring to the table including vendors such as Lacework, Trend Micro and Fortinet,” said Trader.
Lacework is the data security platform for the cloud which uses a patented Polygraph system which has cracked the code for how to leverage the massive scale, complexity, and containerisation of cloud computing to redefine a modern approach to security.
Presidio leverages Lacework to gain additional visibility on a decentralised model of the data. It focuses on anomaly detection and leveraging Entity and User Behaviour Analytics (EUBA).
Trader uses the analogy of sunspots to show how they can identify anomalies in data. “If you're looking at the sun and you've got different flares that pop off – those are anomalies. If we focus on normalised data, we're going to be pulling our hair out because that’s massive, so we need to focus on those anomalies.
“Lacework has implemented a feature called polygraph that gives us additional visibility into cloud workload security. Lacework has done a fantastic job of applying machine learning and AI. They pull the covers back and show what that science looks like.”
“It helps me to look into these cloud environments ahead of time and apply that technology to that cloud assessment. Then I can pinpoint the risk profile that I have for this particular workload and identify how to fix it. Lacework maps that right out for you. It’s all about anomaly detection and focusing on EUBA.”
Presidio also works with Trend Micro which uses advanced AI learning to enable resilience in cybersecurity for businesses, governments, and consumers with connected solutions across cloud workloads, endpoints, email, OT, and networks.
Trader appreciates Trend Micro’s ability to scale effectively across the board. “When it comes to massive environments, they're able to get that data under control, scrutinise that data, help us mitigate, and remediate.”
Another important player in this space is Fortinet which secures the largest enterprise, service provider, and government organisations around the world. The Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments.
Trader identifies Fortinet as doing a tremendous job around identity access management. “With Fortinet, you're able to really leverage the entire ecosystem of all the different disciplines between their next generation firewall systems.
“They have the ability to have all those product lines working in harmony, and they can distill that information. We start with wanting to understand the success criteria, and figure out if this is allowed, or not, in the client’s environment, and they manage it seamlessly. That harmony is so important. I have to stress this to my CISO friends that harmony allows us to really have bigger conversations around zero trust networking and new methodologies.”
When Cyber magazine first spoke to Trader last year he predicted “monumental opportunities in what our security practice can accomplish in 2021” - how right he was. “I don't believe in silver bullets when it comes to cybersecurity, because I do respect the adversary, but I do think Presidio has shown a pioneering spirit to come up with this groundbreaking ransomware solution.”